Just plugging any Android or iOS device into your computer might be enough to give a hacker control of it

It’s only considered good form to let someone recharge their low battery smartphone from a stray USB port if they come up to you with pleading eyes in some Starbucks, but you should resist the temptation to help a brother or sister out: you might be opening yourself up for a malware attack, particularly if the phone in question is an Android handset.

Professor Angelos Stavrou from George Mason University has figured out a system in which a compromised Android smartphone can mount as a standard human input device (or HID) when plugged into a Windows, Linux or Mac PC, thereby giving keyboard and mouse access over to either preloaded malware or a remote hacker connected to the Android phone.

The scariest part of this is the new device installation happens automatically, with almost notification that there’s anything untoward taking place. Worse, Professor Stavrou says the hack could easily be hacked to run on jailbroken iOS devices. Even antivirus and antimalware software won’t spot the intruder, apparently.

In other words, as with your bed, trust the person you let into your USB ports. You certainly can’t trust their phone.

Speak Your Mind

http://www.aidants.ca Jean-Francois Messier

If I understand correctly, the phone charging “favor”, could be alleviated by having a short USB passthru, where it would only connect the actual POWER pins from the computer, and then only offer them in the plug, not carrying the actual DATA pins. I understand that some phones or other devices will not charge or accept power if there is no DATA connection, but this will avoid any virus downloaded from the phone

TJG

@Jean-Francois Messier

Or just carry a USB wall charger in you bag. If someone asks, hand it to them a point them to a wall plug. They’re pretty cheap at Amazon.